Bug 199527 - Fix DFGArgumentEliminationPhase's NewArrayBuffer check
Summary: Fix DFGArgumentEliminationPhase's NewArrayBuffer check
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: PC Linux
: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks: 104114
  Show dependency treegraph
 
Reported: 2019-07-05 12:49 PDT by Michael Catanzaro
Modified: 2019-09-18 22:33 PDT (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2019-07-05 12:49:55 PDT
Coverity has flagged this code from r226033 "[FTL] NewArrayBuffer should be sinked if it is only used for spreading" in ArgumentsEliminationPhase::eliminateCandidatesThatEscape as a likely copy/paste error:

                case LoadVarargs:
                    if (node->loadVarargsData()->offset && (node->child1()->op() == NewArrayWithSpread || node->child1()->op() == Spread || node->child1()->op() == NewArrayBuffer))
                        escape(node->child1(), node);
                    break;
                    
                case CallVarargs:
                case ConstructVarargs:
                case TailCallVarargs:
                case TailCallVarargsInlinedCaller:
                    escape(node->child1(), node);
                    escape(node->child2(), node);
                    if (node->callVarargsData()->firstVarArgOffset && (node->child3()->op() == NewArrayWithSpread || node->child3()->op() == Spread || node->child1()->op() == NewArrayBuffer)) // <-- likely error here
                        escape(node->child3(), node);
                    break;

It looks like this was probably supposed to be node->child3()->op() == NewArrayBuffer, but I don't pretend to understand anything under Source/JavaScriptCore. Yusuke should look at it.
Comment 1 Saam Barati 2019-08-30 16:02:16 PDT
Yeah I think coverity is right!
Comment 2 Radar WebKit Bug Importer 2019-09-18 22:33:52 PDT
<rdar://problem/55507104>